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\i\u,i._i ;; its l 'o < jary^ 

1 i^,isMi»o ^ rirs.^^c^^r,^! oi sO-mops uJhst v> N iai"i <_ ^p'j ah >. 

Li siijig o f Claims; 

L. (Currently Amended) A control center system, comprising: 

a computer system » - control canter - to coordinate thwarting attacks on a data center that 
is coupled to a network, she «eB tro l ■ cwtf^-HX^ad iflgs the comput er sy stem comprising: 

a communication device, coupled to a physically separate network from 
the network that the data center is coupled to, to receive statis t teal data collected 
from network traffic flo ws co llected hy a plurality of monitors dispersed through 
the 3 ict work that the data center is coupled to, with the monitors sending the 
statistical data collected from the network that the data center is coupled to over 
the physically separate network front the network that the plurality oi monitors 
collect die statistical data from; 

a-conipute-iHS-ystem, with the computer system executing: -c ompri s ing; - 

a pK«et,-s ffi d t-t ^ t't - m^s-iHi th^CumpHie^-^y4em to anaiye the Matistic^! 
data frorn the plurality of monitors to determine network traffic statistics that can 
identity malicious network traffic; -and 

iU'^'CCs - to ideut uy .y'.;itc>x ay on the mo setonni? u-aw ork thaj are_v)niec -> 
°i mahejou* u-JS\ Jest e. i t. d lor tin data ccnlc < and 

a a-aa alyMS an d- filtering process to ■■ id^ >tify--^k--iO^-tfa44'ii^-itml to 
eliminate the malicious traffic from entering the victim data censer. 
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3 < i ' 4 \ \n e: < k. 1 llic f \siom ofekunt I v\ ht-rcisi the sta^heal tUtt j .ajah/ui 

by the control center is sampled packet, traffic and/or accumulated and collected statistical 

information about network flows. 

4. ; Orh:ioai) The system of chum 1 v\ Letetn the coi.tt.rol center a^e^tes made 
information arid coordinates measutes !o locate and bloe\ the volets <-; an a»uv* 

5. (Current iy Amended) The system of claim 1 w vcm r ve p'lwtvl \ ve{ at~,v icj\s<«k 

is a telephone network. 

6. (Currently Amended) The system of claim 1 wherein monitors include gateways that 
are disposed a; the victim data center and data collectors that are disposed in. the network, and the 
analysis process executed on the control ceute* analye-* ilK\j>ij£i>tieaJ data fiom aatev-a^ and 
da . <. k\S^'-J \> >e PtToUj.it tie ctwod to dt c trnue ^au ■> iiat ate d , sot , < es o« 
she malicious traffic. 

7. (Original) The system of claim 1 wherein die analysis process classifies attacks and 
determines a response based on the class of attack. 

8. (Original) The system of claim 7 wherein the classes of attack are denoted as low- 
grade with spoofing, low-grade without spoofing and high -grade whether spoofing or non- 
spoofing. 

9. (Currently Amended) A method, executed on a computer system, the method 
comprises: 

receiving by the computer system statistical data from a plurality of monitors, dispersed 
through Use nevo-av vth ;h* n,o mei> vndn^ the -uustwoi u<jta vol' ekv. !;om ire retwo^v 
exc e vx_<> id e.ixC T c\* **Hk*nd-a*H ut o w-th 'h-*? }-t4- tsnhHtt no^-OH^KMUir Ju. .s . olo e.i% 
v_-paraU' network from the network that the plurality of monitors collect data from; 
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an. \ 0 j bo .011 1 oj - vston the statistical data from the plurality of monitors io 
determine network traffic statistics thai can identify sour ces of malicious network traffic; and 

determining m the computer system a filtering process io install on d evices in t he 
network tha t the monitors c ollect d ata from to elim i nat e inhibit the malicious traffic from 
entering the victim data center. 

Claim 10 is canceled, 

1 1 . {Currently Amended} The method of claim 9 further comprising: 
aggregating in the computer .system stat istical data pertaining to n etwork traffic 

ink in mo ! ho i v jh „ U\ et n i iu>' -> and coordinating measures to locate and block the 

sources of an attack. 

12. (Currently Amended) The method of claim 9 wherein receiving and analyzing are 
performed by the computer system that is a control center coupled to the monitors via the 
l iarden e ^l-F efeKAant- second i tei work. 

13. (Currently Amended) The method of claim 9 wherein the, plurality of monitoring 
devices are data collectors dispersed ■throughout the network and at least one gateway device that 
is disposed adjacent the victim sue to protect the victim and wherein analyzing comprises: 

analyzing in the computer system data from the at least one gateway arid the data 
collectors dispersed throughout the network. 

14. (Original) The method oi claim 9 wherein analyzing comprises: 
classifying attacks and determining a response based on the class of attack, 

15 , (Original) The method of claim 14 wherein the classes of attack are denoted as low- 
grade with spoofing, low-grade without spoofing and high-grade whether spoofing or non- 
spoofing. 
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U> < «. a Vru. tided) The method of claim 14 further comprising: 
seudmg requests 10 gateways and/or data collectors to send statistica l data pertaining to 
network tra ffi c flow s an -attack to the control center. 

i 7. (Current! y Amended) The method of claim 14 further comprising; 
sending requests from the control center to gait-ways and/or data collectors for requests to 
m->\ii; If 'eis to :\\ „; os i molk tors af ^ekmg iMfnc 

18. (Currently Amended} A computer progrant product to coordinate thwarting attacks 
on a *k*H« data center that is coupled to a network comprises instructions to cause a computer 

receive data from a plurality of monitors, dispersed through a first network that is 
coupled to the victim data center, with the monitors sending statistical data collected by the 
monitors front the fir*t network over a second, d ifferent yedHftd^;- m»twork :-w^^^ 
network Jhatjs bekig-a physically separate network from the network that the plurality of 
monitors collect data from; 

analyze the data from the plurality of monitors to determine network traffic statistics that 
can identify malicious network traffic; 

vk\t:mifc e 's tc T r v otoiesi to oh J\ o n at ica-i' o i e u>.\„e in i c ret^o^ ! t a. 
n o utot .ol <- »j t i_ >_on_ 1 nh - ch m*i«te tiu n <tl <_ ou- tie tu >io n ttet * „ ' e m . jt«< 
center: and 

coordinate measures to locate and block the sources of an attack. 

1 9, (Currently Amended) The computer program product of claim 1 S wherein 
instructions to ^H-ri-vtM^fa-n-a^ 

v^-a4Kird^M^;"fiHi^ nda t tt ' aet work - coor dinate, comp rises instru ctions to: 

" C'i \ >ie s ,oui , ii_.uiAn."u K dnu exmn u t ' , i. 'h.l .he ^ .ootj 4 ■> ' jeim 

addj^ss.at.app.ropri atc gateways or identify appr opriate net work administrators to contact. 
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oWi\ u ! . on 41 <>,< ii^d.1 .t.ciu't iLrt i- ^oupioc U> s i avu> wVn ^» nh\ K ' \ 
executing: 

, OLl0HJ\ 'UiuS^ilcti v XO> dtONOJ I). (.!>'!." . -,i A iO 0v< \ 

-}< \\s-w< 1 uak. ..on uia* ei.il ros^ t oi t i pl't*.. "\ v» ironf'Mv ^isjv u?o u v 
ru. v,<* \ Uso „o .suas, <.a >ot. Jo .to and puxo^- -wkl ay t-k. jvmoA - o,x! ?o< „s .u 
fi>v ^ tai <. t .u ' T <» j, Jv uou 4 oj\ oxci a._vx ro j He enC KNkifHtaiH i_ ^.i'vw^ha' 

r.tK'*> i o-u> is u>JIe> < aij ion, .in<i 

'/h p'iK 4 iid. ov\t i. 1 - d'i !,.(.■ vorfuiu jti\ i . > 

- , or hop u.d ^ o' r onAi^ lo Jotumtjv iK\\\vit* tL l m itMi^v ! u ^j' s.Vj'U 
»< 'is ; o f ^o.k i* i*. 1 <. ana o , L k! mo mos>a^,. ^ .o> 'Lt r.Mi*\f\ \ ^ort \ is o riots n 
ii^ r. ^ jk t> i. o 'iiKalc ibv. o 1 v;; ,oi at\ vk on ■< u t a\ i t \ c i ot ant, 

. i^fHVviiof <X>ss o) aggiCiM'c <. si aisJkv k^rs !,\" nii, «L ; oi n j\\> ■> 
\ tn- , ^o.\J ufh.j r^-,i cs !<i locate ^od Ho< k be ^h.^ ol t .s *kk v. 

" Vwo s!\ 3' ev\ .o<i, 'I a. s\Momof <.\am 'u-'bu < on ~,in^. 
, 'K\ov j ' { o^O( ifO\ o ! U v<Mnp5' sv^teto * > v lot? . hSvjyv pio^ ~s \ - J mm&ie 
Scju'kM jo>r cU0!,M'j kio \ k , n ilHauiic 

C'faim 23 is canceled, 

- - >i'.o^> nis , kioxratoo.i rhc svtem ^kun Z\ i tub.. mpM-^v 
H- rrs, wk-.J-otUol o.ta.k 
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>s > ' ^> >h P < t d Ik- sWem of tbim 2! wherein Use ehsses >n aiUel 
denoted as ^^-i'r-idc :;Uacl: \%nh spoofing, a low giade ^liael without -.poohrci; .it id a :isl ; I' 
grade aiUck wK'ihu spooiuie v.-i uou spooling 

26 ^C'unvmh Amended ) 'iht. - s-y^kirs oi i laini 2\ , -nve--5H<MluHi- i >l ekttii-^4 ttirket 
corn prisms: 

a ;?r"q> -> -hai iend> ^kkftg requests u> gateway <nul o\ eara collectors u> send dau hack 



.r (Prc^ :t-UNl> Presented! !1v v stem of chum 21 UfUher <. outpn-;h;f.-- 
;t pu^ess u-. -s-nn retiues:^ iron: she control center so gateways :ei<i o* JisUi <. olki. iojs 
■nsiali liiieis in ul'er ou jit t i«.kine, tnHfie 



